From be0ebf9e02bf5de8aa9ce21148f7a549a4e2c8ee Mon Sep 17 00:00:00 2001
From: Steffen Illium <steffen.illium@gmail.com>
Date: Fri, 26 Apr 2024 13:31:32 +0200
Subject: [PATCH] nc mid

---
 apps/nextcloud/base/ingress.yaml               |  3 ++-
 apps/nextcloud/base/middleware.yaml            | 18 +++++++++++++++---
 .../base/middlewares/default-headers.yaml      |  6 +++++-
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/apps/nextcloud/base/ingress.yaml b/apps/nextcloud/base/ingress.yaml
index 6df1f55..2395fec 100644
--- a/apps/nextcloud/base/ingress.yaml
+++ b/apps/nextcloud/base/ingress.yaml
@@ -15,4 +15,5 @@ spec:
     - name: nextcloud
       port: 80
     middlewares:
-    - name: nextcloud
+    - name: response
+    - name: redirect
diff --git a/apps/nextcloud/base/middleware.yaml b/apps/nextcloud/base/middleware.yaml
index e5a6be4..5330db8 100644
--- a/apps/nextcloud/base/middleware.yaml
+++ b/apps/nextcloud/base/middleware.yaml
@@ -1,9 +1,21 @@
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
-  name: nextcloud
+  name: redirect
 spec:
   redirectRegex:
-    regex: "^https://(.*)/.well-known/(card|cal)dav"
+    regex: "https://(.*)/.well-known/(card|cal)dav"
     replacement: "https://${1}/remote.php/dav/"
-    permanent: true
\ No newline at end of file
+    permanent: true
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: response
+spec:
+  customResponseHeaders:
+    ### Change this to none to remove the Robots error:
+      X-Robots-Tag: "noindex, nofollow"
+      server: ""
diff --git a/infrastructure/03-traefik/base/middlewares/default-headers.yaml b/infrastructure/03-traefik/base/middlewares/default-headers.yaml
index b0884d2..0ab1dbc 100644
--- a/infrastructure/03-traefik/base/middlewares/default-headers.yaml
+++ b/infrastructure/03-traefik/base/middlewares/default-headers.yaml
@@ -11,6 +11,10 @@ spec:
     stsIncludeSubdomains: true
     stsPreload: true
     stsSeconds: 15552000
-    customFrameOptionsValue: SAMEORIGIN
+    featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
+    customFrameOptionsValue: "SAMEORIGIN"
     customRequestHeaders:
       X-Forwarded-Proto: https
+    accessControlMaxAge: 300
+    sslRedirect: true
+    referrerPolicy: "no-referrer"